Data protection information

Data protection information

When EU’s General Data Protection Regulation (GDPR) enters into force, this data protection information will replace our previous register descriptions. In accordance with the GDPR, we wish to inform those who use our services and website (below “customer”) of the manner in which we process personal information in a concise, transparent, easily understandable manner, by using clear and simple language. If you have any questions about the information presented below or the manner in which we take care of data protection, please do not hesitate to contact us.

1. Controller

Espoon Seudun Uusyrityskeskus ry (ESUYK in the following)
A Grid, Otakaari 5 A, 02150 Espoo
Business ID 0951711-0
Tel. 010 33 66 550.

2. Contact person for data protection

You can send any questions regarding this document to our data protection contact person Päivi Lahtelin-Laine, for contact information see

3. Our registers of personal information

We process personal information about our customers for different purposes and therefore partly in different registers.

4. Purpose and legal basis for processing personal information

We process personal information primarily in order to take care our customer relations but for reporting and statistics as well and for informing about our operations and for their marketing. We process information in order to fulfil a contract (business consultancy), our legal obligations, based on legitimate interest (reporting and statistics) and based on consent (marketing). We may also send our customers customer feedback enquiries, the results of which we use in order to develop our operations.

As a whole, it can be said that our legitimate interest above all deals with spreading information about our operations, the development of our operations and the maintenance of well-functioning co-operation networks.

5. Groups of personal information

When offering advice on establishing a company, we may process the following information about our customers:


Home address

Telephone number

E-mail address

Business concept/Business ID

The above mentioned information will be entered in the Ajas system, when an appointment is booked. From there it will be transferred to the Hakosalo customer information system.

When meeting the customer for the first time, we will add the following information to our register:


Year of birth

Domicile (municipality)


Language used

Education class

Employment situation

Where has the customer heard of EnterpriseEspoo’s services

If the company is already operational, its business ID, registration date and contact information, which are transferred automatically from the Business Information System (YTJ).

In addition, we make notes about the meeting with the customer and the business concept, any expert sources and the customer’s business plan.

Customers register for ESUYK’s events through the Lyyti service, which may also be used for communications about events. In connection with the registration, we ask the customer’s name, e-mail address and possibly information about special diets and other details in connection with the event that are necessary for arranging it. We may request feedback about the event by e-mail, the Lyyti system or with some other corresponding tool. It is also possible to register for some of the events directly, for example by sending e-mail to our customer advisor.

6. Sources of information

We basically get the information that we process from the customer. On the other hand, e.g. our personnel uses public sources of information when necessary (e.g. Finnish Patent and Registration Office (PRH) and YTJ). If the customer already has a business ID, the information about the company (registration date, contact information and standard industry classification) is transferred to our systems from the YTJ. When a customer has established or wound up a company, said information is transferred to our registers from the Trade Register maintained by PRH. When necessary, we receive information (and inform the customer about this) from different interest groups (e.g. TE Offices, Finnvera and our experts).

7. Those receiving and processing personal information

If the customer so wishes, he or she may give consent to becoming member of a local association of the Federation of Finnish Enterprises, in which case customer information is transferred to the Federation of Finnish Enterprises.

In addition, information and the business concept may be processed for taking measures that the customer’s needs call for together with the TE Office, Finnvera, our experts or other corresponding actors.

We use our service providers’ systems in order to serve our customers. Consequently, our customers’ information may be processed at least in the following services: Ajas (booking appointments), Hakosalo (customer information system), Questback (customer feedback), Postiviidakko (newsletter) and Lyyti (registration for events, remainders and feedback inquiries).

8. Transfer of information

We do not transfer information outside the EU or EEA.

9. Consent for marketing

If the customers so wish, they may join ESUYK’s mailing list either by giving a written consent on the customer information form or by joining the mailing list through a link on our website. If a person living in the ESUYK’s main area of operation (Espoo and Kauniainen) has downloaded the Entrepreneur Guide from the website and given a marketing consent, his or her e-mail address is added to ESUYK’s mailing list. The newsletter on matters and events pertaining to entrepreneurship is sent to our customers through the Postiviidakko service. We may occasionally also send other material on entrepreneurship to our customers by mail. You can leave the electronic mailing list whenever you wish to do so though the link at the end of the newsletter or by informing ESUYK of this (and thereby object to the processing of information for electronic direct marketing purposes).

10. Storing of personal information

We process personal information based on the purpose of its use and the time needed. We wish to remind that, e.g. the reporting and statistics obligations that bind us may require the storing of data even after business consultancy has ended. In addition, the customers should understand that we may, as necessary, save information that is essential with regard to statistics in such a manner that the customer may not directly or indirectly be identified on the basis of it.

11. Principles for protecting the processing of personal information

The main principle is that we process our customers’ personal information in protected information systems, where the right of use requires, e.g. a user ID and a password. User rights are granted to persons who are employed by the controller and to whose position and tasks said right is related. When using electronic communications (e.g. e-mail), we take the required measures for securing a sufficient data protection level. We store our customer information forms in locked premises.

12. Rights of the registered person

Right of access to the personal information:

  • a customer may contact us and check the information that we have stored about him or her

Right to correct information:

  • even though we always try to make sure that the information is intact and up-to-date, a customer may contact us and request that incorrect information is corrected

Right to erase information:

  • if the purpose of use is no longer valid and the customer has, for instance, cancelled his or her consent to a certain purpose of processing information, we will erase the information and the customer also has the right to require this of us

Right to restrict processing:

  • a customer may contact us and check the information that we have stored about him or her

Right to object:

  • we have created mechanisms with which our customers may object to the processing of their personal information, and we also wish to remind that, to the extent that the processing is based on consent (regarding marketing, for instance), our customers always have the right to freely cancel their consent

Right to transfer information between systems:

  • customers may contact us if they need their information in other systems than ours, and we will try to deliver the information in such a manner that it may be transferred to another system

13. Other considerations

Even though we try to act in accordance with the GDPR, for instance, a customer may always contact our Data Protection Officer or lodge a complaint with the supervisory authority.

When collecting information, we try to explain to our customers which information is voluntary and which information is compulsory. Basically, at least the information listed above is necessary for us so that we can provide business consultancy or other services (in order to fulfil the obligations based on contract or law).

We do not use personal information for automatic decision-making (including profiling).